Jeg ved der er et sikkerhedshul, kan b are ikke finde det.
// START
<?php
$stylesheet = '<link href="
http://www.enetonline.dk/style.css" rel="stylesheet" type="text/css">';
session_start();
echo $stylesheet;
include 'config.php';
$connection = @mysql_connect($hostname, $user, $pass)
or die(mysql_error());
$dbs = @mysql_select_db($database, $connection) or
die(mysql_error());
$sql = "SELECT * FROM $userstable WHERE username = '$_POST[username]' AND password = '$_POST[password]'";
$result = @mysql_query($sql,$connection) or die(mysql_error());
$num = @mysql_num_rows($result);
if($_GET['bruger'] == logaf) {
session_destroy();
header ("Location:
http://www.enetonline.dk/login/index.php?action=signout");
}
if ($num != 0) {
$cookie_name = "auth";
$cookie_value = "fook!$_POST[username]";
$cookie_expire = "0";
$cookie_domain = $domain;
setcookie($cookie_name, $cookie_value, $cookie_expire, "/", $cookie_domain, 0);
$_SESSION['online'] = TRUE;
}
ob_start();
if(isset($_SESSION['online']))
{
$stylesheet = "<style>
.knap
{
font-face: tahoma;
font-size: 8pt;
display: block;
height: 15px;
color: black;
border-style: solid;
border-color: black;
border-width: 0;
}
.knap:hover
{
font-family: tahoma;
font-size: 11px;
text-decoration: none;
color: #FFFFFF;
height: 13px;
border-width: 1px;
background-position: 50%;
background-image: url('
http://www.enetonline.dk/index.phptemplates/news_bg.gif');
}
</style>";
echo $stylesheet;
echo "<body bgcolor=\"#F2F2F2\"><table cellpadding=\"0\" cellspacing=\"0\" height=\"20\" width=\"100%\" align=\"left\">
<tr>
<td height=\"30\" width=\"16%\" class=\"knap\">
<a class=\"knap\" target=_top href=http://www.enetonline.dk/login/nyheds_poster.php?side=opret>Opret nyhed</a></td><tr>
<td height=\"30\" width=\"16%\" class=\"knap\">
<a class=\"knap\" target=_top href=http://www.enetonline.dk/login/nyheds_poster.php?side=alle>Se nyhederne</a></td><tr>
<td height=\"30\" width=\"16%\" class=\"knap\">
<a class=\"knap\" target=_top href=http://www.enetonline.dk/login/community.php>Community</a></td><tr>
<td height=\"30\" width=\"16%\" class=\"knap\">
<a class=\"knap\" target=_top href=http://www.enetonline.dk/login/members.php>Se alle medlemmer</a></td><tr>
<td height=\"30\" width=\"16%\" class=\"knap\">
<a class=\"knap\" target=_top href=http://www.enetonline.dk/login/profile.php>Ændre din profil</a></td><tr>
<td><br><br></td><tr>
<td height=\"30\" width=\"16%\" class=\"knap\">
<a class=\"knap\" target=_top href=http://www.enetonline.dk/login/login_hojremenu.php?bruger=logaf>Log ud</a> </td><tr>
</tr>
</table>";
die;
ob_end();
}
else
{
echo "<form action=\"
http://www.enetonline.dk/login/login_hojremenu.php\" method=\"POST\">";
echo " Brugernavn: <br> <input type=\"text\" name=\"username\" size=\"20\" style=\"font-size: 8pt; font-family: Tahoma\"><br>";
echo " Password: <br> <input type=\"password\" name=\"password\" size=\"20\" style=\"font-size: 8pt; font-family: Tahoma\"><br>";
echo "<br> <input type=\"submit\" value=\"Login!\" style=\"font-size: 8pt; font-family: Tahoma\">";
echo "</form>";
echo "• <a target=_top href=\"
http://www.enetonline.dk/login/register.php\">Opret konto</a>";
echo "<br> • <a target=_top href=\"
http://www.enetonline.dk/login/reset.php\">Glemt bruger & password</a>";
echo "<br> • <a target=_top href=\"
http://www.enetonline.dk/login/passwordreset.php?step=1\">Nulstil dit password!</a></font><br><br>";
}
?><body bgcolor="#F2F2F2">
// SLUT